
d 



2S 
>< 



O 



LU LU CC 
O \~ LU 

<b> 
2<cr 



O 
O 

LU 

O 

I 

LU 

00 



is 



CsJ 

d 



Ex 



o 



O X LU LU 
OOLUHI 

Z5LUO=> 
CO*0C < 



FIG. 3 



SERVICE PROFILE 



NAME 


CONTENT 


SUBSCRIBER 
IDENTIFICATION 
INFORMATION 


TELEPHONE NUMBER 


NAI 


AUTHENTICATION ENTRY NUMBER 




IPSec 

APPLICATION CONDITION 1 


IP ADDRESS 


PORT NUMBER 


IPSec 

APPLICATION CONDITION 2 


IP ADDRESS 


PORT NUMBER 







I— 

cr 

LU 
00 

2 
o 
to 

CD 
ZD 

00 




DATA RETAINED BY SUBSCRIBER TERMINAL 



FIG. 5A S PD 



NAME 1 CONTENT 


IPSec 
APPLICATION 
CONDITION 1 


IP ADDRESS 


PORT NUMBER 


IPSec 
APPLICATION 
CONDITION 2 


IP ADDRESS 


PORT NUMBER 







FIG. 5B SAD 



NAME 


APPLICATION 
CONDITION 


CONTENT 


IPSec 
APPLICATION 
CONDITION 1 


IP ADDRESS 


ENCRYPTION PROTOCOL 
KEY 


PORT NUMBER 


SPI 


IPSec 
APPLICATION 
CONDITION 2 


IP ADDRESS 


ENCRYPTION PROTOCOL 
KEY 


PORT NUMBER 


SPI 









UJ 

GO 

o 
cr 

D_ 
LLi 
O 

< 
X 

o 

X 
LU 

> 

LU 




CD 
O 



FIG. 8 



SUBSCRIBER TERMINAL PROCESS SEQUENCE 
(COMMUNICATION START) 



^52 



^53 



^55 



^54 



PACKETl - 
TRANSMISSION 
REQUEST 



MESSAGE 
TRANSMITTER/ 
RECEIVER 



ENCRYPTION 
/DECRYPTION 
SECTION 



ENCRYPTION 
PROCESS 
MANAGER 



PROTOCOL 
CONTROLLER 



,S1 



DETECT PACKET 
TRANSMISSION 



FMQ1 1IRE ENCRYPTION NECESSITY, 



KEY EXISTENCE 



,S2 



DESIDE BASED ON 
SPD, SAD 



TRANSMIT MESSAGE 



SERVICE-*- 
CONTROL 
UNIT — 



NOTIFY KEY ISNT 



EXISTENT 



S3 



KEY 



FXCHANGE PROXY 



REQ JEST MESSAGE 



RECEIVE MESSAGE 
INCLUDING KEY 



MESSAGE 



INCLUDING KEY 



REQUEST KEY EXCHANGE 
PROXY REQUEST MESSAGE 
FORWARD THE MESSAGE 



,S6 



EXTRACT SA DATA 



SA 



ADD SA DATA 
TO SAD 



L-S7 



FIG. 9 



SERVICE CONTROL UNIT PROCESS SEQUENCE 



SUBSCRIBER 

TERMINAL 
KEY EXCHANGE 

PROXY SERVER 
ROUTER — 
AUTHENTICATION 

SERVER 



MESSAGE 
TRANSMITTER/ 
RECEIVER 



RECEIVE MESSAGE 



MESSAGE 



SERVICE 
MANAGER 



PROTOCOL 
CONTOROLLER 



TRANSFER/TRANSMIT _ s13 
MESSAGE \ 



SUBSCRIBER 

TERMINAL 
KEY EXCHANGE 

PROXY SERVER 
ROUTER 

AUTHENTICATION 
SERVER 





^,S12 






ANA 
MES 


LYZE 
SAGE 





ANALYSIS RESULT 



MF SSAGE. TRANSMISSION/ 



TRANSFER INSTRUCTION 



FIG. 11 



KEY EXCHANGE PROXY SERVER PROCESS SEQUENCE 



SERVICE 
CONTROL 
UNIT 



MESSAGE 
TRANSMITTER/ 
RECEIVER 



S31 



RECEIVE MESSAGE 



MESSAGE 



TRANSMIT MESSAGE 



SERVICE - 
CONTROL 
UNIT 



KEY 
GENERATOR 



PROTOCOL 
CONTROLLER 



KE Y GENERATE 
REQUEST 



-S35 



KEY 





^S32 


ANALYZE 


MESSAGE 


PERFORM 
KEY EXCHAGE 
PROCESS 


GENERAT 


E MESSAGE 



— S33 
-S34 



MESSAGE 



FIG. 12A 



KEY EXCHANGE MESSAGE 
(KEY EXCHANGE PROXY REQUEST MESSAGE) 



(SUBSCRIBER TERMINAL — SERVICE CONTROL UNIT) 



IP HEADER 


KEY EXCHANGE 


SA: SUBSCRIBER TERMINAL 


PROXY REQUEST 


DA: OPPOSITE COMMUNICATION 


MESSAGE 


TERMINAL 



UDP HEADER 



IKE HEADER 



FIG. 12B 



KEY EXCHANGE MESSAGE 
(KEY EXCHANGE PROXY REQUEST MESSAGE) 

(SERVICE CONTROL UNIT -* KEY EXCHANGE PROXY SERVER) 



IP HEADER 
SA: SERVICE CONTROL 
UNIT 

DA: KEY EXCHANGE 
PROXY SERVER 



IP HEADER 
SA: SUBSCRIBER 
TERMINAL 
DA: OPPOSITE 

COMMUNICATION 
TERMINAL 



KEY EXCHANGE 
PROXY REQUEST 
MESSAGE 



FIG. 13A 



KEY EXCHANGE MESSAGE 



(SERVICE CONTROL UNIT - OPPOSITE COMMUNICATION TERMINAL) 



i IKE MESSAGE 

SA SUBSCRIBER TERMINAL 
DA- OPPOSITE COMMUNICATION TERMINAL 



FIG. 13B 



KEY EXCHANGE MESSAGE 

(OPPOSITE COMMUNICATION TERMINAL - SERVICE CONTROL UNIT) 



I IKE MESSAGE 
SA- OPPOSITE COMMUNICATION TERMINAL 
DA: SUBSCRIBER TERMINAL 



FIG. 13C 



KEY EXCHANGE MESSAGE 

(SERVICE CONTROL UNIT - KEY EXCHANGE PROXYJERVER)- 



IP HEADER 
SA: SERVICE CONTROL UNIT 
DA: KEY EXCHANGE 

PROXY SERVER 



IKE MESSAGE 
SA: OPPOSITE COMMUNICATION 
TERMINAL 
DA: SUBSCRIBER TERMINAL 



FIG. 1 3D ^CHANGE MESSAGE 

(KEY EXCHANGE PROXYSERV^^ 



IP HEADER 
SA: KEY EXCHANGE 

PROXY SERVER 
DA- SERVICE CONTROL UNIT 



IKE MESSAGE 
SA SUBSCRIBER TERMINAL 
DA OPPOSITE COMMUNICATION 
TERMINAL 



FIG. 14A 



KEY TRANSFER MESSAGE 

(KEY EXCHANGE PROXY SERVER -» SERVICE CONTROL UNIT) 



IP HEADER 
SA: KEY EXCHANGE 
PROXY SERVER 
DA: SERVICE CONTROL 
UNIT 



IP HEADER 
SA: OPPOSITE 

COMMUNICATION 
TERMINAL 
DA: SUBSCRIBER 
TERMINAL 



KEY 
INFORMATION 

(SA) 



FIG. 14B 



KEY TRANSFER MESSAGE 

(SERVICE CONTROL UNIT -> SUBSCRIBER TERMINAL) 



IP HEADER 
SA: SERVICE CONTROL 
UNIT 
DA: SUBSCRIBER 
TERMINAL 



IP HEADER 
SA: OPPOSITE 

COMMUNICATION 
TERMINAL 
DA: SUBSCRIBER 
TERMINAL 



KEY 
INFORMATION 

(SA) 



FIG. 15 



SUBSCRIBER TERMINAL PROCESS SEQUENCE 
(PACKET TRANSMISSION/RECEPTION) 



PACKET 
TRANSMISSION 
REQUEST 



MESSAGE 
TRANSMITTER/ 
RECEIVER 



f ENCRYPTION/ 
DECRYPTION 
SECTION 



ENCRYPTION 
PROCESS 
MANAGER 



PROTOCOL 
CONTROLER 



DETECT PACKET 
TRANSMISSION 



INQUIRE ENCRYPT! 3N NECESSITY, 



KEY EXISTENCE 



DESIDE BASED ON 
SPD. SAD 



SELECT KEY 



S43 



E NCRYPTION INSTR UCTION/KEY 



PACKET 



PERFORM 
ENCRYPTION 
PROCESS 



TRANSMIT PACKET — S45 



SERVICE 

CONTROL 

UNIT 

SERVICE 
CONTROL 
UNIT — 



tig 



RECEIVE PACKET 



PACKET 



SPI 



EXTRACT KEY 
BASED ON SPI 



DECRYPT PACKET — S48 



• oo. 



